Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache HTTP Server Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability - CVE-2020-11993 - Vulnerability Database
Apache HTTP Server

Apache HTTP Server Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability - CVE-2020-11993

High
Reference: CVE-2020-11993
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-11993
Title: Apache HTTP Server Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability
Overview:

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns logging statements were made on the wrong connection causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above quotinfoquot will mitigate this vulnerability for unpatched servers.